Hi Tom!
Thanks for your reply to my message. I'll do some tests with your
suggestions, and if I'm in trouble again I'll send you the dump.



2014-09-30 21:43 GMT+02:00 Tom Eastep <[email protected]>:

> On 9/30/2014 1:32 AM, [email protected] wrote:
> > Hi all,
> > I'm new to this list so "hi! and thanks for any support you can give me :)".
> >
> > I'm experiencing a problem with packet mangling (I think), in my
> > configuration there are 2 providers, balanced in this way
> >
> > prov1  1    1    -        eth0        x.x.x.x    track,balance    -
> > prov2   2    2    -        eth2        y.y.y.y    track,balance    -
> >
> > all is working, the packets are put out of the interfaces in a round
> > robin like method.
> >
> > but now, my customer wants that an ftp service behind firewall is
> > exposed only through prov1, so I decided to act in this way:
> >
> > rules file:
> > DNAT    net    loc:x.x.x.211    tcp    20    -    ip_pub_on_provider_1
> > DNAT    net    loc:x.x.x.211    tcp    21    -    ip_pub_on_provider_1
> >
>
> The second rule is fine -- the first rule is bogus and not needed.
>
> > mangle file:
> > MARK(1):P          x.x.x.211/32 0.0.0.0/0      all
>
> You shouldn't need that either.
> >
> >
> > But, the connections are not always going out with eth0, sometimes
> > going out with eth2.
> >
>
> Active mode ftp should 'just work' in this environment - please send the
> output of 'shorewall dump' collected as described at
> http://www.shorewall.net/support.htm#Guidelines. You can send it to me
> privately if you like.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users